Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Jun 2008
    Posts
    57
    Thanks
    15
    Thanked 1 Time in 1 Post

    Question Submitting more then one to database?

    Ok so I have coded this script that submits values to sql database but I want to be able to submit multiple "value4" & "value5" and still have values 1 to 3 enter for each row of the additional 4 & 5 values

    PHP Code:
    <?php

    //  This code runs if the form has been submitted
        
    if (isset($_POST['submit'])) 
        { 

    //  This makes sure they did not leave any fields blank
        
    if (!$_POST['value1'] | !$_POST['value2'] |  !$_POST['value3'] | !$_POST['value4'] | !$_POST['value5'] ) {
        die(
    'You did not complete all of the required fields');
    }

    //  checks
        
    if (!get_magic_quotes_gpc()) {
        
    $_POST['value1'] = addslashes($_POST['value1']);
        
    $_POST['value2'] = addslashes($_POST['value2']);
        
    $_POST['value3'] = addslashes($_POST['value3']);
        
    $_POST['value4'] = addslashes($_POST['value4']);
        
    $_POST['value5'] = addslashes($_POST['value5']);
    }

    //  now we insert it into the database
        
    $insert     "INSERT INTO search_content (value1, value2,value3, value4, value5)
        VALUES ('"
    .$_POST['value1']."', '".$_POST['value2']."', '".$_POST['value3']."', '".$_POST['value4']."', '".$_POST['value5']."')";
        
    $add_details mysql_query($insert);
    ?>

    <h1>Thank you</h1>
    <p>Thank you for your contribution</p>

    <?php 

    else 

    ?>
    <div id="center">

    <form action="submit.php" method="post">

    <h3>value1:</h3>
    <div class="input">
    <input type="text" name="value1" maxlength="150" />
    </div>

    <h3>value2:</h3>
    <div class="input">
    <input type="text" name="value2" maxlength="40" />
    </div>

    <h3>value3:</h3>
    <div class="input">
    <input type="text" name="value3" maxlength="100" />
    </div>

    <h3>value4:</h3>
    <div class="input">
    <input type="text" name="value4" />
    </div>

    <h3>value5:</h3>
    <div class="input">
    <input type="text" name="value5" />
    </div>


    <div id="btn">
    <input type="submit" name="submit" value="Submit" />
    </div>

    </form>
    </div>
    <?php
    }
    ?>
    any ideas?

    also does the coding look safe to you? im new at php and so not sure ...

    As always thank you in advance
    Last edited by buggy; 01-19-2010 at 02:44 AM.
    Newbie at most things ...Hey we all gotta start somewhere right :)

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    This needs a little work:
    PHP Code:
    if (!$_POST['value1'] | !$_POST['value2'] |  !$_POST['value3'] | !$_POST['value4'] | !$_POST['value5'] ) { 
    This is incorrect. This will try to evaluate you're code as bitwise OR comparisons. If these are string, I'd suspect that it would always be 0. Logical (boolean) OR in php is either 'OR' or '||' without the commas, but check into the precedence table if you decide to mix them. Try to stay with double piped or.
    This is backwards:
    PHP Code:
        if (!get_magic_quotes_gpc()) {
        
    $_POST['value1'] = addslashes($_POST['value1']);
        
    $_POST['value2'] = addslashes($_POST['value2']);
        
    $_POST['value3'] = addslashes($_POST['value3']);
        
    $_POST['value4'] = addslashes($_POST['value4']);
        
    $_POST['value5'] = addslashes($_POST['value5']);

    What you want to do is actually strip them if magic quotes is available. Magic quotes are not compatible with mysql_real_escape_string (as in, they are not sensitive to each other). It will also be gone as of PHP6:
    PHP Code:
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        
    $_POST['value1'] = stripslashes($_POST['value1']);
        
    $_POST['value2'] = stripslashes($_POST['value2']);
        ...

    You can also look at using the array_walk with stripslashes. Correct the behaviour with mysql_real_escape_string for any string data being inserted into you're database. Cast any numerical data to the corresponding values.


    Now, as for multiple data, the easiest way is to use an html array. All input types can handle them, and are done like so:
    PHP Code:
    <input type="text" name="txt[]" />
    <
    input type="text" name="txt[]" />
    ... 
    The result of you're post will be a multi-dimensional array of txt. This can be used to you're advantage.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    buggy (01-19-2010)

  • #3
    New Coder
    Join Date
    Jun 2008
    Posts
    57
    Thanks
    15
    Thanked 1 Time in 1 Post
    Thank you for your reply Fou-Lu but im a little unsure of what you mean with "This needs a little work:" and the "html array" sections, could you please show me examples of what you mean?

    I took a guess and tried:

    Code:
    <input type="text" name="value5[]" />
    but that just submitted the word "Array" in the db tables ...
    Last edited by buggy; 01-19-2010 at 03:43 AM.
    Newbie at most things ...Hey we all gotta start somewhere right :)

  • #4
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,246
    Thanks
    12
    Thanked 340 Times in 336 Posts
    because $_POST["value5"] is now an array and its string representation (that’s what’s inserted) is "Array".


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •